We have been using squid in a reverse proxy mode for several weeks now and its been working well. Lately we have remote users that have a transparent proxy and users are getting hung when trying to access a particular page. Going thru cache.log and all I see for every connection is "ALLOWED", but do see lines line this: 2011/03/15 09:47:20| clientReadBody: start fd=48 body_size=97 in.offset=0 cb=0x450740 req=0x1cf9dd40 2011/03/15 09:47:20| clientProcessBody: start fd=48 body_size=97 in.offset=0 cb=0x450740 req=0x1cf9dd40 2011/03/15 09:47:20| clientProcessBody: start fd=48 body_size=97 in.offset=97 cb=0x450740 req=0x1cf9dd40 2011/03/15 09:47:20| clientProcessBody: end fd=48 size=97 body_size=0 in.offset=0 cb=0x450740 req=0x1cf9dd40 2011/03/15 09:47:20| The reply for POST http://IP_ADDRESS/services/forward/jcore_security_check is ALLOWED, because it matched 'all' Not sure if clientProcessBody is a problem or not? Another group wants to replace the squid with Apache reverse proxy and tried it out this morning and it didn't have any problems with the remote user and the downstream proxy server. Here are my squid_conf settings: auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/squid_passwd auth_param basic realm Ericsson. For support email performance@xxxxxxxxxxxx . A login auth_param basic credentialsttl 1 hours authenticate_ttl 1 hour authenticate_ip_ttl 1 hour external_acl_type mysession ttl=10 children=5 negative_ttl=0 %LOGIN %PATH /usr/local/bin/ckuser.pl acl mysession external mysession %LOGIN %PATH acl strt1 url_regex [-i] ^http://www.ericssonperformance.com$ acl strt2 url_regex [-i] ^http://129.192.172.19$ acl good_src url_regex -i \.php 129.192.172.19\/$ www.ericssonperformance.com\/$ acl all src all acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 443 # https acl Safe_ports port 1025-65535 # unregistered ports acl ncsa_users proxy_auth REQUIRED acl CONNECT method CONNECT deny_info ERR_ACCESS_DENIED Safe_ports http_access deny !Safe_ports deny_info ERR_ACCESS_DENIED ncsa_users http_access allow mysession ncsa_users http_access deny all http_reply_access allow all icp_access allow localnet icp_access deny all reply_body_max_size 0 allow all acl_uses_indirect_client on http_port 10.102.16.101:80 accel defaultsite=129.192.172.19 vhost forwarded_for on cache_peer 10.202.16.117 parent 80 0 no-query originserver name=ADMIN cache_peer_access ADMIN allow all cache_peer 10.202.16.37 parent 80 0 no-query originserver name=WPP1 cache_peer_access WPP1 allow all cache_peer 10.202.16.40 parent 80 0 no-query originserver name=WPP2 cache_peer_access WPP2 allow all hierarchy_stoplist cgi-bin ? cache_dir null /tmp access_log /var/log/squid/access.log squid debug_options ALL,1 33,2 log_fqdn off url_rewrite_program /usr/local/bin/rewrite.pl url_rewrite_children 20 url_rewrite_concurrency 0 url_rewrite_host_header on redirector_bypass off location_rewrite_program /usr/local/bin/rewrite.pl acl QUERY urlpath_regex cgi-bin \? cache deny QUERY cache deny all refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 negative_ttl 0 minutes positive_dns_ttl 1 minutes acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9] upgrade_http0.9 deny shoutcast via on acl apache rep_header Server ^Apache broken_vary_encoding allow apache refresh_stale_hit 0 seconds header_access Accept allow all header_access Accept-Encoding allow all header_access Accept-Language allow all header_access Authorization allow all header_access Cache-Control allow all header_access Content-Disposition allow all header_access Content-Encoding allow all header_access Content-Length allow all header_access Content-Location allow all header_access Content-Range allow all header_access Content-Type allow all header_access Cookie allow all header_access Expires allow all header_access Host allow all header_access If-Modified-Since allow all header_access Location allow all header_access Range allow all header_access Referer allow all header_access Set-Cookie allow all header_access WWW-Authenticate allow all header_access All deny all client_persistent_connections off always_direct allow all check_hostnames off forwarded_for on coredump_dir /var/spool/squid Any help would be appreciated. thanks
